Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
suseSuseSUSE-SU-2017:2924-1
HistoryNov 03, 2017 - 12:08 a.m.

Security update for qemu (important)

2017-11-0300:08:15
lists.opensuse.org
68

0.015 Low

EPSS

Percentile

85.5%

JSON

This update for qemu to version 2.9.1 fixes several issues.

It also announces that the qed storage format will be no longer supported
in SLE 15 (fate#324200).

These security issues were fixed:

  • CVE-2017-15268: Qemu allowed remote attackers to cause a memory leak by
    triggering slow data-channel read operations, related to
    io/channel-websock.c (bsc#1062942)
  • CVE-2017-15289: The mode4and5 write functions allowed local OS guest
    privileged users to cause a denial of service (out-of-bounds write
    access and Qemu process crash) via vectors related to dst calculation
    (bsc#1063122)
  • CVE-2017-15038: Race condition in the v9fs_xattrwalk function local
    guest OS users to obtain sensitive information from host heap memory via
    vectors related to reading extended attributes (bsc#1062069)
  • CVE-2017-10911: The make_response function in the Linux kernel allowed
    guest OS users to obtain sensitive information from host OS (or other
    guest OS) kernel memory by leveraging the copying of uninitialized
    padding fields in Xen block-interface response structures (bsc#1057378)
  • CVE-2017-12809: The IDE disk and CD/DVD-ROM Emulator support allowed
    local guest OS privileged users to cause a denial of service (NULL
    pointer dereference and QEMU process crash) by flushing an empty CDROM
    device drive (bsc#1054724)
  • CVE-2017-14167: Integer overflow in the load_multiboot function allowed
    local guest OS users to execute arbitrary code on the host via crafted
    multiboot header address values, which trigger an out-of-bounds write
    (bsc#1057585)
  • CVE-2017-13672: The VGA display emulator support allowed local guest OS
    privileged users to cause a denial of service (out-of-bounds read and
    QEMU process crash) via vectors involving display update (bsc#1056334)
  • CVE-2017-13711: Use-after-free vulnerability allowed attackers to cause
    a denial of service (QEMU instance crash) by leveraging failure to
    properly clear ifq_so from pending packets (bsc#1056291).

These non-security issues were fixed:

  • Fixed not being able to build from rpm sources due to undefined macro
    (bsc#1057966)
  • Fiedx package build failure against new glibc (bsc#1055587)
OSVersionArchitecturePackageVersionFilename
SUSE Linux Enterprise Desktop12.3x86_64qemu-debugsource< 2.9.1-6.6.3qemu-debugsource-2.9.1-6.6.3.x86_64.rpm
SUSE Linux Enterprise Server12.3s390xqemu-block-ssh< 2.9.1-6.6.3qemu-block-ssh-2.9.1-6.6.3.s390x.rpm
SUSE Linux Enterprise Server12.3aarch64qemu-guest-agent< 2.9.1-6.6.3qemu-guest-agent-2.9.1-6.6.3.aarch64.rpm
SUSE Linux Enterprise Desktop12.3x86_64qemu-block-curl< 2.9.1-6.6.3qemu-block-curl-2.9.1-6.6.3.x86_64.rpm
SUSE Linux Enterprise Server12.3ppc64leqemu-lang< 2.9.1-6.6.3qemu-lang-2.9.1-6.6.3.ppc64le.rpm
SUSE Linux Enterprise Server12.3noarchqemu-seabios< 1.10.2-6.6.3qemu-seabios-1.10.2-6.6.3.noarch.rpm
SUSE Linux Enterprise Server12.3x86_64qemu-block-rbd< 2.9.1-6.6.3qemu-block-rbd-2.9.1-6.6.3.x86_64.rpm
SUSE Linux Enterprise Server12.3s390xqemu-tools< 2.9.1-6.6.3qemu-tools-2.9.1-6.6.3.s390x.rpm
SUSE Linux Enterprise Server12.3x86_64qemu-x86< 2.9.1-6.6.3qemu-x86-2.9.1-6.6.3.x86_64.rpm
SUSE Linux Enterprise Server12.3x86_64qemu-tools< 2.9.1-6.6.3qemu-tools-2.9.1-6.6.3.x86_64.rpm
Rows per page:
1-10 of 811

Related

openvas 25
nessus 62
suse 13
fedora 5
osv 12
debian 5
oraclelinux 7
redhat 12
amazon 3
centos 3
ubuntu 2
redhatcve 8
prion 8
cve 8
debiancve 8
ubuntucve 8
veracode 5
f5 2
cbl_mariner 1
virtuozzo 1
xen 1
openvas
openvas
openSUSE: Security Advisory for qemu (openSUSE-SU-2017:2938-1)
2017-11-07 00:00:00
Fedora Update for qemu FEDORA-2017-9149114fba
2017-11-08 00:00:00
Debian Security Advisory DSA 3991-1 (qemu - security update)
2017-10-03 00:00:00
nessus
nessus
openSUSE Security Update : qemu (openSUSE-2017-1248)
2017-11-07 00:00:00
SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2017:2924-1)
2017-11-03 00:00:00
Fedora 26 : 2:qemu (2017-9149114fba)
2017-11-08 00:00:00
suse
suse
Security update for qemu (important)
2017-11-07 06:09:17
Security update for qemu (important)
2017-11-07 06:12:01
Security update for qemu (important)
2017-11-06 21:07:59
fedora
fedora
[SECURITY] Fedora 26 Update: qemu-2.9.1-2.fc26
2017-11-07 22:20:31
[SECURITY] Fedora 27 Update: qemu-2.10.1-1.fc27
2017-11-11 03:30:22
[SECURITY] Fedora 27 Update: qemu-2.10.1-1.fc27
2017-11-11 13:46:42
osv
osv
qemu - security update
2017-10-03 00:00:00
qemu - security update
2017-10-08 00:00:00
qemu-kvm - security update
2017-10-08 00:00:00
debian
debian
[SECURITY] [DSA 3991-1] qemu security update
2017-10-03 21:33:35
[SECURITY] [DLA 1128-1] qemu-kvm security update
2017-10-08 16:45:42
[SECURITY] [DLA 1129-1] qemu security update
2017-10-08 20:20:29
oraclelinux
oraclelinux
qemu-kvm security, bug fix, and enhancement update
2018-04-16 00:00:00
qemu-kvm security update
2017-11-30 00:00:00
qemu-kvm security update
2018-03-13 00:00:00
redhat
redhat
(RHSA-2017:3368) Moderate: qemu-kvm security update
2017-11-30 20:14:11
(RHSA-2018:0816) Low: qemu-kvm security, bug fix, and enhancement update
2018-04-10 05:01:42
(RHSA-2017:3369) Moderate: qemu-kvm-rhev security and bug fix update
2017-11-30 20:14:52
amazon
amazon
Medium: qemu-kvm
2017-12-20 18:55:00
Important: qemu-kvm
2018-06-08 18:29:00
Important: qemu-kvm
2018-06-07 23:41:00
centos
centos
qemu security update
2017-12-06 13:15:27
qemu security update
2018-04-26 17:50:14
qemu security update
2018-03-14 14:47:19
ubuntu
ubuntu
QEMU regression
2018-03-05 00:00:00
QEMU vulnerabilities
2018-02-20 00:00:00
redhatcve
redhatcve
CVE-2017-15268
2017-10-12 20:49:03
CVE-2017-12809
2017-08-21 11:18:41
CVE-2017-13711
2020-04-05 16:53:34
prion
prion
Null pointer dereference
2017-08-23 16:29:00
Race condition
2017-10-10 01:30:00
Memory corruption
2017-10-12 15:29:00
cve
cve
CVE-2017-12809
2017-08-23 16:29:00
CVE-2017-15038
2017-10-10 01:30:00
CVE-2017-13711
2017-09-01 13:29:00
debiancve
debiancve
CVE-2017-15038
2017-10-10 01:30:00
CVE-2017-12809
2017-08-23 16:29:00
CVE-2017-13711
2017-09-01 13:29:00
ubuntucve
ubuntucve
CVE-2017-12809
2017-08-23 00:00:00
CVE-2017-15268
2017-10-12 00:00:00
CVE-2017-15289
2017-10-16 00:00:00
veracode
veracode
Information Disclosure
2020-09-21 06:19:52
Denial Of Service (DoS)
2019-05-16 02:53:05
Denial Of Service (DoS)
2019-01-15 09:23:05
f5
f5
K22572754 : QEMU vulnerability CVE-2017-15289
2021-01-25 00:00:00
K23893104 : QEMU vulnerability CVE-2017-13672
2020-12-17 00:00:00
cbl_mariner
cbl_mariner
CVE-2017-14167 affecting package qemu-kvm 4.2.0-13
2020-11-05 04:21:31
virtuozzo
virtuozzo
Product update: Virtuozzo 7.0 Update 5 Hotfix 3 (7.0.5-646)
2017-09-28 00:00:00
xen
xen
blkif responses leak backend stack data
2017-06-20 11:58:00

0.015 Low

EPSS

Percentile

85.5%

JSON
Related for SUSE-SU-2017:2924-1
openvas25nessus62suse13fedora5osv12debian5oraclelinux7redhat12amazon3centos3ubuntu2redhatcve8prion8cve8debiancve8ubuntucve8veracode5f52cbl_mariner1virtuozzo1xen1